More importantly, let me know if you find any bugs browsing around on this forum under HTTPS. I only encountered 2 major bugs, the first was related to BBCode buttons. The second was quick-edit not being compatible with HTTPS. Both have been fixed.

In the coming weeks, I will be encouraging HTTPS use for all *.jcink.net users for the Admin CP. I'm working to make the Admin CP 100% https ready.

I went ahead and made those changes like you said and you're right; there really is no difference other than it loads faster for me (not sure why, but might just be the difference in URL, IDK my computer is weird sometimes).

So what are your plans for making this work with custom domain names? Will it be something in the Domain Control Center for the ACP or would it be something we do through our own registrar (namecheap for example)?

So what are your plans for making this work with custom domain names? Will it be something in the Domain Control Center for the ACP or would it be something we do through our own registrar (namecheap for example)?

The conundrum with domain names is that each domain needs its own SSL certificate.

We paid for all jcink domain users since it was a wildcard certificate through SSLTrust. Our *.jcink.net certificate was an "expensive" one ($400), but the cert covers everyone for 3 years.

Standard domain name certificates namecheap for SSL are only $9.00/year per domain name. Not so bad, but a significant cost increase yearly for someone who has. And every year the certificate expires, it needs to be renewed and sent to us and I'll have to manually insert their cert.

Ideally what I would like to do for domain owners is utilize a free solution called Let's Encrypt instead ( https://letsencrypt.org/ ). A problem with those certificates however, is that they only last 90 days. So a board owner would need to generate a new certificate every 90 days, then give it to us.

Obviously this adds a LOT of labor and inconvenience, along with "complexity", and the first option is less labor for us and the board owner, but adds cost.

The ultimate solution would be a way to enter a lets encrypt account's details into the Admin CP, and have our server automatically go to their site via some API and "create" a cert then load it in. This will take some time to fully implement and I'm not even sure I'll have this implemented by the end of this year.

I will, at the very least I think be ready to accept yearly certificates sometime during the summer via email/support ticket, probably toward the end. Initially we were not planning on going full HTTPS for another year even for the jcink domains, but the decision was made that this would be best for everyone and will make switching to HTTPS less painful when browsers finally "drop the hammer" on HTTP years in the future.

The conundrum with domain names is that each domain needs its own SSL certificate.

We paid for all jcink domain users since it was a wildcard certificate through SSLTrust. Our *.jcink.net certificate was an "expensive" one ($400), but the cert covers everyone for 3 years.

Standard domain name certificates namecheap for SSL are only $9.00/year per domain name. Not so bad, but a significant cost increase yearly for someone who has. And every year the certificate expires, it needs to be renewed and sent to us and I'll have to manually insert their cert.

Ideally what I would like to do for domain owners is utilize a free solution called Let's Encrypt instead ( https://letsencrypt.org/ ). A problem with those certificates however, is that they only last 90 days. So a board owner would need to generate a new certificate every 90 days, then give it to us.

Obviously this adds a LOT of labor and inconvenience, along with "complexity", and the first option is less labor for us and the board owner, but adds cost.

The ultimate solution would be a way to enter a lets encrypt account's details into the Admin CP, and have our server automatically go to their site via some API and "create" a cert then load it in. This will take some time to fully implement and I'm not even sure I'll have this implemented by the end of this year.

I will, at the very least I think be ready to accept yearly certificates sometime during the summer, probably toward the end. Initially we were not planning on going full HTTPS for another year even for the jcink domains, but the decision was made that this would be best for everyone and will make switching to HTTPS less painful when browsers finally "drop the hammer" on HTTP years in the future.

That seems annoying overall, though I love the sound of the ultimate solution you have there. That would be ideal.

I'll happily purchase the SSL certificate when you're ready to handle them. I think that if you could almost find a way to add the certificate when you add the domain name in it would be great at least as a hold over. I'm not exactly sure how that would work but I think it is something that should happen once that you never have to look at again after.

I agree, it's just unfortunate that you can't simply buy a certificate, load it once, and be done with it as long as you keep renewing it yearly. It needs to be changed out.

The need to switch out a cert adds a whole new level. Having to do it every 90 days is even worse. "Let's Encrypt's" rationale for the whole 90 day limit is that it's "more secure" (like changing a password every 90 days). I beg to differ, but whatever.

Few bugs identified by a user in the support ticket system. Most of the links under "JFH Resources" don't work / blank out. Will be fixing these, it's because they keep trying to redirect to http links.

Firefox 52 has thrown down the hammer harder than google. This nasty message is being displayed on HTTP logins now for those who have updated to the latest firefox. I figured this out when I was visiting Fedex's website and was shocked.

It is absolutely pertinent for those even without domains to work on making their forums HTTPS friendly.

As a result of this, we may begin to force HTTPS for newly created forums soon.

Jcink contacted me about whether or not I plan on switching. Yes, I do. Like, I cannot believe how fast this had come all down. I was planning on going to a secure connection later this year. But, I'm moving up my timeline to this week. I know a handful of you all use my image host, we will support the https change

I have been contacting a few image hosts that are commonly used who have not yet switched that admins and members are commonly utilizing just to see what their plans are, if any. Here is a list of https supported image hosting, not complete.